authorgithub-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>2023-11-29 00:04:47 +0000
committerGitHub <noreply@github.com>2023-11-29 00:04:47 +0000
commitf63d259d88c3d60643217cb4ae58bc86fdf97439 (patch)
treee7ae5fe0048ce8f223cd6dbd042a64096c388e05
parent18100dc6c2d14d96af8e0620a47039a4dff3a058 (diff)
parentc0ec6e5dfcc36d791ae9c95a58a061c7ad08f67b (diff)
Merge staging-next into staging
-rw-r--r--nixos/doc/manual/development/what-happens-during-a-system-switch.chapter.md1
-rw-r--r--nixos/modules/module-list.nix1
-rwxr-xr-xnixos/modules/system/activation/switch-to-configuration.pl4
-rw-r--r--nixos/modules/system/boot/systemd/tmpfiles.nix6
-rw-r--r--nixos/modules/system/boot/unl0kr.nix89
-rw-r--r--nixos/tests/all-tests.nix1
-rw-r--r--nixos/tests/systemd-initrd-luks-unl0kr.nix75
-rw-r--r--pkgs/applications/misc/gcal/default.nix2
-rw-r--r--pkgs/applications/networking/browsers/firefox/packages.nix18
-rw-r--r--pkgs/applications/networking/browsers/librewolf/src.json14
-rw-r--r--pkgs/by-name/ni/nix-unit/package.nix57
-rw-r--r--pkgs/by-name/un/unl0kr/package.nix57
-rw-r--r--pkgs/development/compilers/kotlin/native.nix4
-rw-r--r--pkgs/development/python-modules/calmjs-parse/default.nix16
-rw-r--r--pkgs/development/tools/analysis/checkov/default.nix4
-rw-r--r--pkgs/development/tools/misc/regex-cli/default.nix6
-rw-r--r--pkgs/development/tools/misc/sccache/default.nix6
-rw-r--r--pkgs/os-specific/linux/cfs-zen-tweaks/default.nix8
-rw-r--r--pkgs/servers/audiobookshelf/default.nix8
-rw-r--r--pkgs/servers/geospatial/mapcache/default.nix2
-rw-r--r--pkgs/servers/geospatial/mapserver/default.nix2
-rw-r--r--pkgs/servers/geospatial/mbtileserver/default.nix2
-rw-r--r--pkgs/servers/geospatial/pg_featureserv/default.nix2
-rw-r--r--pkgs/servers/geospatial/pg_tileserv/default.nix2
-rw-r--r--pkgs/servers/geospatial/tile38/default.nix2
-rw-r--r--pkgs/servers/sql/postgresql/ext/pgrouting.nix2
-rw-r--r--pkgs/tools/admin/fbvnc/default.nix26
-rw-r--r--pkgs/tools/misc/nix-direnv/default.nix6
-rw-r--r--pkgs/tools/networking/ipinfo/default.nix4
-rw-r--r--pkgs/tools/package-management/dnf5/default.nix2
-rw-r--r--pkgs/tools/security/exploitdb/default.nix4
31 files changed, 371 insertions, 62 deletions
diff --git a/nixos/doc/manual/development/what-happens-during-a-system-switch.chapter.md b/nixos/doc/manual/development/what-happens-during-a-system-switch.chapter.md
index ccadb819e061..fa921bbc7c5e 100644
--- a/nixos/doc/manual/development/what-happens-during-a-system-switch.chapter.md
+++ b/nixos/doc/manual/development/what-happens-during-a-system-switch.chapter.md
@@ -37,7 +37,6 @@ of actions is always the same:
 - Forget about the failed state of units (`systemctl reset-failed`)
 - Reload systemd (`systemctl daemon-reload`)
 - Reload systemd user instances (`systemctl --user daemon-reload`)
-- Set up tmpfiles (`systemd-tmpfiles --create`)
 - Reload units (`systemctl reload`)
 - Restart units (`systemctl restart`)
 - Start units (`systemctl start`)
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index b92786506a29..1c46b2b5f53b 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1441,6 +1441,7 @@
   ./system/boot/stratisroot.nix
   ./system/boot/modprobe.nix
   ./system/boot/networkd.nix
+  ./system/boot/unl0kr.nix
   ./system/boot/plymouth.nix
   ./system/boot/resolved.nix
   ./system/boot/shutdown.nix
diff --git a/nixos/modules/system/activation/switch-to-configuration.pl b/nixos/modules/system/activation/switch-to-configuration.pl
index e2f66a287bc4..b840c324e72b 100755
--- a/nixos/modules/system/activation/switch-to-configuration.pl
+++ b/nixos/modules/system/activation/switch-to-configuration.pl
@@ -889,10 +889,6 @@ while (my $f = <$list_active_users>) {
 
 close($list_active_users) || die("Unable to close the file handle to loginctl");
 
-# Set the new tmpfiles
-print STDERR "setting up tmpfiles\n";
-system("$new_systemd/bin/systemd-tmpfiles", "--create", "--remove", "--exclude-prefix=/dev") == 0 or $res = 3;
-
 # Before reloading we need to ensure that the units are still active. They may have been
 # deactivated because one of their requirements got stopped. If they are inactive
 # but should have been reloaded, the user probably expects them to be started.
diff --git a/nixos/modules/system/boot/systemd/tmpfiles.nix b/nixos/modules/system/boot/systemd/tmpfiles.nix
index 183e2033ecb0..99928ab733d1 100644
--- a/nixos/modules/system/boot/systemd/tmpfiles.nix
+++ b/nixos/modules/system/boot/systemd/tmpfiles.nix
@@ -150,6 +150,12 @@ in
       "systemd-tmpfiles-setup.service"
     ];
 
+    # Allow systemd-tmpfiles to be restarted by switch-to-configuration.
+    systemd.services."systemd-tmpfiles-setup" = {
+      unitConfig.RefuseManualStop = "no";
+      restartTriggers = [ "${config.environment.etc."tmpfiles.d".source}" ];
+    };
+
     environment.etc = {
       "tmpfiles.d".source = (pkgs.symlinkJoin {
         name = "tmpfiles.d";
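Review bot: The comment on the `systemd-tmpfiles-setup` override says what is allowed but not why `RefuseManualStop = "no"` is needed or what the trigger keys on; presumably the upstream unit refuses manual stops and a restart is a stop followed by a start. Suggest `# Upstream refuses manual stop, which a restart needs. Re-run when the merged /etc/tmpfiles.d tree changes.` The call removed from `switch-to-configuration.pl` passed `--remove --exclude-prefix=/dev` and set exit status 3 on failure, so it is worth confirming that the unit's own command line and failure reporting cover the same ground. The `config` block continues outside the hunk.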
diff --git a/nixos/modules/system/boot/unl0kr.nix b/nixos/modules/system/boot/unl0kr.nix
new file mode 100644
index 000000000000..8d9af37382e0
--- /dev/null
+++ b/nixos/modules/system/boot/unl0kr.nix
@@ -0,0 +1,89 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.boot.initrd.unl0kr;
+in
+{
+  options.boot.initrd.unl0kr = {
+    enable = lib.mkEnableOption (lib.mdDoc "unl0kr in initrd") // {
+      description = lib.mdDoc ''
+        Whether to enable the unl0kr on-screen keyboard in initrd to unlock LUKS.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    meta.maintainers = with lib.maintainers; [ tomfitzhenry ];
+    assertions = [
+      {
+        assertion = cfg.enable -> config.boot.initrd.systemd.enable;
+        message = "boot.initrd.unl0kr is only supported with boot.initrd.systemd.";
+      }
+    ];
+
+    boot.initrd.systemd = {
+      storePaths = with pkgs; [
+        "${pkgs.gnugrep}/bin/grep"
+        libinput
+        xkeyboard_config
+        "${config.boot.initrd.systemd.package}/lib/systemd/systemd-reply-password"
+        "${pkgs.unl0kr}/bin/unl0kr"
+      ];
+      services = {
+        unl0kr-ask-password = {
+          description = "Forward Password Requests to unl0kr";
+          conflicts = [
+            "emergency.service"
+            "initrd-switch-root.target"
+            "shutdown.target"
+          ];
+          unitConfig.DefaultDependencies = false;
+          after = [
+            "systemd-vconsole-setup.service"
+            "udev.service"
+          ];
+          before = [
+            "shutdown.target"
+          ];
+          script = ''
+            # This script acts as a Password Agent: https://systemd.io/PASSWORD_AGENTS/
+
+            DIR=/run/systemd/ask-password/
+            # If a user has multiple encrypted disks, the requests might come in different times,
+            # so make sure to answer as many requests as we can. Once boot succeeds, other
+            # password agents will be responsible for watching for requests.
+            while [ -d $DIR ] && [ "$(ls -A $DIR/ask.*)" ];
+            do
+              for file in `ls $DIR/ask.*`; do
+                socket="$(cat "$file" | ${pkgs.gnugrep}/bin/grep "Socket=" | cut -d= -f2)"
+                ${pkgs.unl0kr}/bin/unl0kr | ${config.boot.initrd.systemd.package}/lib/systemd/systemd-reply-password 1 "$socket"
+              done
+            done
+          '';
+        };
+      };
+
+      paths = {
+        unl0kr-ask-password = {
+          description = "Forward Password Requests to unl0kr";
+          conflicts = [
+            "emergency.service"
+            "initrd-switch-root.target"
+            "shutdown.target"
+          ];
+          unitConfig.DefaultDependencies = false;
+          before = [
+            "shutdown.target"
+            "paths.target"
+            "cryptsetup.target"
+          ];
+          wantedBy = [ "sysinit.target" ];
+          pathConfig = {
+            DirectoryNotEmpty = "/run/systemd/ask-password";
+            MakeDirectory = true;
+          };
+        };
+      };
+    };
+  };
+}
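Review bot: In the `unl0kr-ask-password` script the reply is always sent with status `1`, so if `unl0kr` exits with an error (presumably possible when no display or input device is usable) the pipeline still hands an empty passphrase to `systemd-reply-password` as a successful answer, and the surrounding `while` loop may then repeat without pause. The `Socket=` lookup is also unanchored, and the `ask.*` files are enumerated by parsing `ls` output with an unquoted `$DIR`; an anchored `grep '^Socket='` and a quoted glob are more robust. The fence sketches the inner loop with the exit status checked; the passphrase still never appears in a process argument list because `printf` is a shell builtin.

```nix
              # … unchanged: DIR assignment and the outer while loop …
              for file in "$DIR"/ask.*; do
                [ -e "$file" ] || continue
                socket="$(${pkgs.gnugrep}/bin/grep -m1 '^Socket=' "$file" | cut -d= -f2-)"
                if pw="$(${pkgs.unl0kr}/bin/unl0kr)"; then
                  printf '%s' "$pw" | ${config.boot.initrd.systemd.package}/lib/systemd/systemd-reply-password 1 "$socket"
                else
                  # Report failure instead of submitting an empty passphrase.
                  ${config.boot.initrd.systemd.package}/lib/systemd/systemd-reply-password 0 "$socket" < /dev/null
                fi
              done
```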
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 1e11cc220805..480439c2a25e 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -813,6 +813,7 @@ in {
   systemd-initrd-luks-empty-passphrase = handleTest ./initrd-luks-empty-passphrase.nix { systemdStage1 = true; };
   systemd-initrd-luks-password = handleTest ./systemd-initrd-luks-password.nix {};
   systemd-initrd-luks-tpm2 = handleTest ./systemd-initrd-luks-tpm2.nix {};
+  systemd-initrd-luks-unl0kr = handleTest ./systemd-initrd-luks-unl0kr.nix {};
   systemd-initrd-modprobe = handleTest ./systemd-initrd-modprobe.nix {};
   systemd-initrd-shutdown = handleTest ./systemd-shutdown.nix { systemdStage1 = true; };
   systemd-initrd-simple = handleTest ./systemd-initrd-simple.nix {};
diff --git a/nixos/tests/systemd-initrd-luks-unl0kr.nix b/nixos/tests/systemd-initrd-luks-unl0kr.nix
new file mode 100644
index 000000000000..0658a098cfa2
--- /dev/null
+++ b/nixos/tests/systemd-initrd-luks-unl0kr.nix
@@ -0,0 +1,75 @@
+import ./make-test-python.nix ({ lib, pkgs, ... }: let
+  passphrase = "secret";
+in {
+  name = "systemd-initrd-luks-unl0kr";
+  meta = with pkgs.lib.maintainers; {
+    maintainers = [ tomfitzhenry ];
+  };
+
+  enableOCR = true;
+
+  nodes.machine = { pkgs, ... }: {
+    virtualisation = {
+      emptyDiskImages = [ 512 512 ];
+      useBootLoader = true;
+      mountHostNixStore = true;
+      useEFIBoot = true;
+      qemu.options = [
+        "-vga virtio"
+      ];
+    };
+    boot.loader.systemd-boot.enable = true;
+
+    boot.initrd.availableKernelModules = [
+      "evdev" # for entering pw
+      "bochs"
+    ];
+
+    environment.systemPackages = with pkgs; [ cryptsetup ];
+    boot.initrd = {
+      systemd = {
+        enable = true;
+        emergencyAccess = true;
+      };
+      unl0kr.enable = true;
+    };
+
+    specialisation.boot-luks.configuration = {
+      boot.initrd.luks.devices = lib.mkVMOverride {
+        # We have two disks and only type one password - key reuse is in place
+        cryptroot.device = "/dev/vdb";
+        cryptroot2.device = "/dev/vdc";
+      };
+      virtualisation.rootDevice = "/dev/mapper/cryptroot";
+      virtualisation.fileSystems."/".autoFormat = true;
+      # test mounting device unlocked in initrd after switching root
+      virtualisation.fileSystems."/cryptroot2".device = "/dev/mapper/cryptroot2";
+    };
+  };
+
+  testScript = ''
+    # Create encrypted volume
+    machine.wait_for_unit("multi-user.target")
+    machine.succeed("echo -n ${passphrase} | cryptsetup luksFormat -q --iter-time=1 /dev/vdb -")
+    machine.succeed("echo -n ${passphrase} | cryptsetup luksFormat -q --iter-time=1 /dev/vdc -")
+    machine.succeed("echo -n ${passphrase} | cryptsetup luksOpen   -q               /dev/vdc cryptroot2")
+    machine.succeed("mkfs.ext4 /dev/mapper/cryptroot2")
+
+    # Boot from the encrypted disk
+    machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks.conf")
+    machine.succeed("sync")
+    machine.crash()
+
+    # Boot and decrypt the disk
+    machine.start()
+    machine.wait_for_text("Password required for booting")
+    machine.screenshot("prompt")
+    machine.send_chars("${passphrase}")
+    machine.screenshot("pw")
+    machine.send_chars("\n")
+    machine.wait_for_unit("multi-user.target")
+
+    assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount"), "/dev/mapper/cryptroot do not appear in mountpoints list"
+    assert "/dev/mapper/cryptroot2 on /cryptroot2 type ext4" in machine.succeed("mount")
+  '';
+})
diff --git a/pkgs/applications/misc/gcal/default.nix b/pkgs/applications/misc/gcal/default.nix
index da190218d095..a6b98ccccf08 100644
--- a/pkgs/applications/misc/gcal/default.nix
+++ b/pkgs/applications/misc/gcal/default.nix
@@ -16,6 +16,8 @@ stdenv.mkDerivation rec {
     })
   ];
 
+  env.NIX_CFLAGS_COMPILE = lib.optionalString stdenv.cc.isClang "-Wno-implicit-function-declaration";
+
   enableParallelBuilding = true;
 
   buildInputs = [ ncurses ] ++ lib.optional stdenv.isDarwin gettext;
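Review bot: The added `env.NIX_CFLAGS_COMPILE` line silences `-Wimplicit-function-declaration` under clang without saying why. That diagnostic usually marks a call with no prototype in scope, which is compiled with an assumed `int` return type and can truncate pointers on 64-bit targets. A comment would let the flag be dropped later, e.g. `# gcal calls functions without prototypes, which newer clang rejects; remove once upstream adds the missing includes`. If only a few calls are affected, a patch adding the includes would be the stronger fix. The derivation continues outside the hunk.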
diff --git a/pkgs/applications/networking/browsers/firefox/packages.nix b/pkgs/applications/networking/browsers/firefox/packages.nix
index 2d08f391d283..801e1ca0ad40 100644
--- a/pkgs/applications/networking/browsers/firefox/packages.nix
+++ b/pkgs/applications/networking/browsers/firefox/packages.nix
@@ -9,6 +9,16 @@
       sha512 = "31d5f9e1d4173280c8de6d9b8551bc6bba5e2c49b84f944f50d42002d5b39c2fb743bc130f26c81160388a102b8301b94a0a378ecdfa6f943860f971a860df8c";
     };
 
+    extraPatches = [
+      (fetchpatch {
+        # Do not crash on systems without an expected statically assumed page size.
+        # https://phabricator.services.mozilla.com/D194458
+        name = "mozbz1866025.patch";
+        url = "https://hg.mozilla.org/mozilla-central/raw-rev/42c80086da4468f407648f2f57a7222aab2e9951";
+        hash = "sha256-cWOyvjIPUU1tavPRqg61xJ53XE4EJTdsFzadfVxyTyM=";
+      })
+    ];
+
     meta = {
       changelog = "https://www.mozilla.org/en-US/firefox/${version}/releasenotes/";
       description = "A web browser built from Firefox source tree";
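Review bot: The new `extraPatches` entry does not say when it can be dropped, so once a release that already contains the change is packaged the patch will presumably fail to apply with no hint for whoever does the update. Suggest extending the comment with `# Remove when the packaged version includes this changeset.` The URL pins a full changeset id and `hash` fixes the content, which is the right shape for a remotely fetched patch. `fetchpatch` has to be in the file's argument set, which lies outside this hunk.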
@@ -30,11 +40,11 @@
 
   firefox-beta = buildMozillaMach rec {
     pname = "firefox-beta";
-    version = "121.0b3";
+    version = "121.0b4";
     applicationName = "Mozilla Firefox Beta";
     src = fetchurl {
       url = "mirror://mozilla/firefox/releases/${version}/source/firefox-${version}.source.tar.xz";
-      sha512 = "95dd68c50af5784c44e40ad3a8ac6b4fb259fa8f56bc5e5de940d03dec1838b143712680826b4d260fefdad314464d24679911f21b1095512a86cdf4eb2648c9";
+      sha512 = "b8c1be63be633744b249d2e0ffe77abcc92f0f70c0d7084395031643fb68c0b1fc32a6fcb55a25fc255e4eb8c40e818b209bb0077e416e652ae0c9463045fc12";
     };
 
     meta = {
@@ -59,13 +69,13 @@
 
   firefox-devedition = buildMozillaMach rec {
     pname = "firefox-devedition";
-    version = "121.0b3";
+    version = "121.0b4";
     applicationName = "Mozilla Firefox Developer Edition";
     requireSigning = false;
     branding = "browser/branding/aurora";
     src = fetchurl {
       url = "mirror://mozilla/devedition/releases/${version}/source/firefox-${version}.source.tar.xz";
-      sha512 = "a5ed25159e63122f27bd05810eaf665834022ae407c029734ad41ef1ed5e3956497873f5210b7c385245056718837bd17c47cfc2e2e438a4c3274d2462ce51f8";
+      sha512 = "11234fda39c80a217a715884524e12febf5f920a680b0828d3619ec6ae97fe6e377c36ac86353f1aadb0569e4f04e4105714c29b447eb80ea9bad18bdd664e75";
     };
 
     meta = {
diff --git a/pkgs/applications/networking/browsers/librewolf/src.json b/pkgs/applications/networking/browsers/librewolf/src.json
index afe766f841bc..9662b1b54e0d 100644
--- a/pkgs/applications/networking/browsers/librewolf/src.json
+++ b/pkgs/applications/networking/browsers/librewolf/src.json
@@ -1,15 +1,15 @@
 {
-  "packageVersion": "119.0.1-1",
+  "packageVersion": "120.0-1",
   "source": {
-    "rev": "119.0.1-1",
-    "sha256": "1ghxrylxrb5i37i4z2hrb8dn9lndhs75pjvhdafg079jmar5wfn7"
+    "rev": "120.0-1",
+    "sha256": "1wms3kyimmfzl64rbphgap2sm87lwkl0pr24rx4rxf3px3bq97f3"
   },
   "settings": {
-    "rev": "095f50ed91aa7db2de9c67763cf46bae09146a58",
-    "sha256": "0nwrzcqxa72wcbxjbilxl340i69m5l0qr7gq2s6a76bbzxg502gi"
+    "rev": "b587388bdbe63511c478cb8b5f82c2e80040414c",
+    "sha256": "03cw6wh7358pgld4qgs534pl2lnfvwc0xl2yyb3n3pyvmba6cyrp"
   },
   "firefox": {
-    "version": "119.0.1",
-    "sha512": "4f3201aee10e7b831cc384b2c7430a24f4de81f703115a917f9eb7acecb2ae1725f11af56c41257a056bb9d7a4d749d590cc9baffcd6e13852be45aaecf8163a"
+    "version": "120.0",
+    "sha512": "31d5f9e1d4173280c8de6d9b8551bc6bba5e2c49b84f944f50d42002d5b39c2fb743bc130f26c81160388a102b8301b94a0a378ecdfa6f943860f971a860df8c"
   }
 }
diff --git a/pkgs/by-name/ni/nix-unit/package.nix b/pkgs/by-name/ni/nix-unit/package.nix
new file mode 100644
index 000000000000..a9f1b7105c29
--- /dev/null
+++ b/pkgs/by-name/ni/nix-unit/package.nix
@@ -0,0 +1,57 @@
+{ stdenv
+, lib
+, boost
+, clang-tools
+, cmake
+, difftastic
+, makeWrapper
+, meson
+, ninja
+, nixVersions
+, nlohmann_json
+, pkg-config
+, fetchFromGitHub
+}:
+
+stdenv.mkDerivation (finalAttrs: {
+  pname = "nix-unit";
+  version = "2.18.0";
+
+  src = fetchFromGitHub {
+    owner = "nix-community";
+    repo = "nix-unit";
+    rev = "v${finalAttrs.version}";
+    hash = "sha256-9wq14p+85oW4HlD42NJ0jyA++z3nEYjFQ6uT40xdfbc=";
+  };
+
+  buildInputs = [
+    nlohmann_json
+    # We pin the nix version to a known working one here as upgrades can likely break the build.
+    # Since the nix language is rather stable we don't always need to have the latest and greatest for unit tests
+    # On each update of nix unit we should re-evaluate what version we need.
+    nixVersions.nix_2_18
+    boost
+  ];
+
+  nativeBuildInputs = [
+    makeWrapper
+    meson
+    pkg-config
+    ninja
+    # nlohmann_json can be only discovered via cmake files
+    cmake
+  ] ++ lib.optional stdenv.cc.isClang [ clang-tools ];
+
+  postInstall = ''
+    wrapProgram "$out/bin/nix-unit" --prefix PATH : ${difftastic}/bin
+  '';
+
+  meta = {
+    description = "Nix unit test runner";
+    homepage = "https://github.com/nix-community/nix-unit";
+    license = lib.licenses.gpl3;
+    maintainers = with lib.maintainers; [ mic92 adisbladis ];
+    platforms = lib.platforms.unix;
+    mainProgram = "nix-unit";
+  };
+})
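Review bot: In `nativeBuildInputs`, `lib.optional stdenv.cc.isClang [ clang-tools ]` wraps a list in `lib.optional`, which produces the nested list `[ [ clang-tools ] ]`; use `lib.optionals stdenv.cc.isClang [ clang-tools ]` or `lib.optional stdenv.cc.isClang clang-tools`. `license = lib.licenses.gpl3` is ambiguous between the -only and -or-later variants; pick `gpl3Only` or `gpl3Plus` to match upstream's licence text. The comment on the pinned `nixVersions.nix_2_18` could also mention that the pin decides which Nix fixes, including security fixes, this tool links against.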
diff --git a/pkgs/by-name/un/unl0kr/package.nix b/pkgs/by-name/un/unl0kr/package.nix
new file mode 100644
index 000000000000..fa72e2af5c18
--- /dev/null
+++ b/pkgs/by-name/un/unl0kr/package.nix
@@ -0,0 +1,57 @@
+{ lib
+, nixosTests
+, stdenv
+, fetchFromGitLab
+, inih
+, libdrm
+, libinput
+, libxkbcommon
+, meson
+, ninja
+, pkg-config
+, scdoc
+}:
+
+stdenv.mkDerivation (finalAttrs: {
+  pname = "unl0kr";
+  version = "2.0.0";
+
+  src = fetchFromGitLab {
+    domain = "gitlab.com";
+    owner = "cherrypicker";
+    repo = "unl0kr";
+    rev = finalAttrs.version;
+    fetchSubmodules = true;
+    hash = "sha256-KPP4Ol1GCAWqdQYlNtKQD/jx8A/xuHdvKjcocPMqWa0=";
+  };
+
+  nativeBuildInputs = [
+    meson
+    ninja
+    pkg-config
+    scdoc
+  ];
+
+  buildInputs = [
+    inih
+    libdrm
+    libinput
+    libxkbcommon
+  ];
+
+  propagatedBuildInputs = [
+    libxkbcommon
+  ];
+
+  passthru = {
+    tests.unl0kr = nixosTests.systemd-initrd-luks-unl0kr;
+  };
+
+  meta = with lib; {
+    description = "Framebuffer-based disk unlocker for the initramfs based on LVGL";
+    homepage = "https://gitlab.com/cherrypicker/unl0kr";
+    license = licenses.gpl3Plus;
+    maintainers = with maintainers; [ tomfitzhenry ];
+    platforms = platforms.linux;
+  };
+})
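Review bot: `libxkbcommon` is listed in both `buildInputs` and `propagatedBuildInputs`; for a package that ships a program rather than a library the propagated entry looks unnecessary and pulls the library into the build environment of every dependent. If propagation really is needed, a one-line comment naming the consumer would help; otherwise drop the `propagatedBuildInputs` block. With `fetchSubmodules = true` the fixed-output `hash` also covers the submodule contents, which is worth stating in a comment so that a hash mismatch on an unchanged tag is read as a change in a submodule.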
diff --git a/pkgs/development/compilers/kotlin/native.nix b/pkgs/development/compilers/kotlin/native.nix
index b50f6287c971..16599c9b96c8 100644
--- a/pkgs/development/compilers/kotlin/native.nix
+++ b/pkgs/development/compilers/kotlin/native.nix
@@ -20,8 +20,8 @@ stdenv.mkDerivation rec {
       "https://github.com/JetBrains/kotlin/releases/download/v${version}/kotlin-native-${arch}-${version}.tar.gz";
 
     getHash = arch: {
-      "macos-aarch64" = "1pn371hy6hkyji4vkfiw3zw30wy0yyfhkxnkkyr8m0609945mkyj";
-      "macos-x86_64" = "13c28czvja93zaff0kzqf8crzh998l90gznq0cl6k2j3c0jhyrgm";
+      "macos-aarch64" = "sha256-Yw6IO8pj0C9XHfzVshcovkoFBUXJ3KixhGoybBRFL2U=";
+      "macos-x86_64" = "sha256-mnDi8dMCDzGsdPdD1dw4YMBxAfo5FvwDJVU/ew70z9U=";
       "linux-x86_64" = "sha256-faMuBYUG5qj0N4vg5EcfWIC3UjXiPhFJuikzXVgNsjw=";
     }.${arch};
   in
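Review bot: The `macos-aarch64` and `macos-x86_64` hashes change while `version` is untouched (the diffstat lists only these four changed lines for the file), so either this is purely a re-encoding from base32 to SRI or the pinned content differs for the same release URL. It is worth confirming which by converting the old values and comparing, and recording the reason in a comment if the tarballs really changed. The same question applies to the `hash` change in `pkgs/tools/package-management/dnf5/default.nix`, where the visible hunk keeps `rev = finalAttrs.version` and the diffstat shows only the hash line changing. The enclosing `let` starts outside this hunk.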
diff --git a/pkgs/development/python-modules/calmjs-parse/default.nix b/pkgs/development/python-modules/calmjs-parse/default.nix
index 8420cbd03afd..34a2c00ce33b 100644
--- a/pkgs/development/python-modules/calmjs-parse/default.nix
+++ b/pkgs/development/python-modules/calmjs-parse/default.nix
@@ -8,17 +8,26 @@
 
 buildPythonPackage rec {
   pname = "calmjs-parse";
-  version = "1.3.0";
+  version = "1.3.1";
 
-  format = "setuptools";
+  pyproject = true;
 
   src = fetchFromGitHub {
     owner = "calmjs";
     repo = "calmjs.parse";
     rev = version;
-    hash = "sha256-QhHNp9g88RhGHqRRjg4nk7aXjAgGCOauOagWJoJ3fqc=";
+    hash = "sha256-xph+NuTkWfW0t/1vxWBSgsjU7YHQMnsm/W/XdkAnl7I=";
   };
 
+  postPatch = ''
+    substituteInPlace setup.py \
+      --replace "env['PYTHONPATH'] = 'src'" "env['PYTHONPATH'] += ':src'"
+  '';
+
+  nativeBuildInputs = [
+    setuptools
+  ];
+
   propagatedBuildInputs = [
     setuptools
     ply
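Review bot: The `postPatch` substitution rewrites `setup.py` to `env['PYTHONPATH'] += ':src'`, which raises `KeyError` if `PYTHONPATH` is absent from `env` at that point and, because it appends, lets any copy of the package earlier on the path shadow the in-tree `src`. Whether `env` always carries the key is not visible from the hunk, so a comment stating the assumption would help, e.g. `# upstream overwrites PYTHONPATH, which hides the dependencies Nix put there; append src instead`. `setuptools` is now listed in both `nativeBuildInputs` and `propagatedBuildInputs`; keep the propagated entry only if it is a runtime dependency.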
@@ -43,6 +52,7 @@ buildPythonPackage rec {
   ];
 
   meta = with lib; {
+    changelog = "https://github.com/calmjs/calmjs.parse/blob/${src.rev}/CHANGES.rst";
     description = "Various parsers for ECMA standards";
     homepage = "https://github.com/calmjs/calmjs.parse";
     license = licenses.mit;
diff --git a/pkgs/development/tools/analysis/checkov/default.nix b/pkgs/development/tools/analysis/checkov/default.nix
index b3d625c64141..6780f2ae975e 100644
--- a/pkgs/development/tools/analysis/checkov/default.nix
+++ b/pkgs/development/tools/analysis/checkov/default.nix
@@ -5,14 +5,14 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "checkov";
-  version = "3.1.15";
+  version = "3.1.18";
   pyproject = true;
 
   src = fetchFromGitHub {
     owner = "bridgecrewio";
     repo = "checkov";
     rev = "refs/tags/${version}";
-    hash = "sha256-n3HMRv14vJvnjVOEfjuQIsVdEd4Uf2iHA9iypPWJO0M=";
+    hash = "sha256-Rxl+Sjv2ULKHfsPlEirT79NTWoeG8I1jQN9dOWhqAJU=";
   };
 
   patches = [
diff --git a/pkgs/development/tools/misc/regex-cli/default.nix b/pkgs/development/tools/misc/regex-cli/default.nix
index 5a1c7d7314be..4ce731042589 100644
--- a/pkgs/development/tools/misc/regex-cli/default.nix
+++ b/pkgs/development/tools/misc/regex-cli/default.nix
@@ -5,14 +5,14 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "regex-cli";
-  version = "0.1.1";
+  version = "0.2.0";
 
   src = fetchCrate {
     inherit pname version;
-    hash = "sha256-i+3HluKbR+5e2Nd0E0Xy+mwsC9x3+21rFdCNmII8HsM=";
+    hash = "sha256-Uo1y3L4l/Ik//NoBLsCqvQmC7ZGaSt0XzT1wDGCoU4U=";
   };
 
-  cargoHash = "sha256-u6Gaeo9XDcyxZwBt67IF1X7rr4vR9jIrzr8keHGU88w=";
+  cargoHash = "sha256-O0KAY9XeP+LFcvAwO5SbF5yMHU1KZ77UdkAGAcx1hHc=";
 
   meta = with lib; {
     description = "A command line tool for debugging, ad hoc benchmarking and generating regular expressions";
diff --git a/pkgs/development/tools/misc/sccache/default.nix b/pkgs/development/tools/misc/sccache/default.nix
index 47ae36c77ea9..927281d62c1a 100644
--- a/pkgs/development/tools/misc/sccache/default.nix
+++ b/pkgs/development/tools/misc/sccache/default.nix
@@ -1,17 +1,17 @@
 { lib, fetchFromGitHub, rustPlatform, pkg-config, openssl, stdenv, Security }:
 
 rustPlatform.buildRustPackage rec {
-  version = "0.7.2";
+  version = "0.7.4";
   pname = "sccache";
 
   src = fetchFromGitHub {
     owner = "mozilla";
     repo = "sccache";
     rev = "v${version}";
-    sha256 = "sha256-hup9FM2KEBXRx6NleDGR01C0whJgR1KYyIrcIv2UE80=";
+    sha256 = "sha256-r5Gev6tnaq8KY26Zl5aDxTomAFw3SPK3szrS4Kc14cI=";
   };
 
-  cargoSha256 = "sha256-Od1uaKZVAZaIDrsNheR1kYIjnmpnThlU7k3EIKdOjzM=";
+  cargoSha256 = "sha256-4YeD4UxqhLRg2d2INbMAHrJBTlvuafrKEcjohBDx6CQ=";
 
   nativeBuildInputs = [ pkg-config ];
   buildInputs = [ openssl ] ++ lib.optional stdenv.isDarwin Security;
diff --git a/pkgs/os-specific/linux/cfs-zen-tweaks/default.nix b/pkgs/os-specific/linux/cfs-zen-tweaks/default.nix
index ef5dfe8e2e06..d7a06ed6e737 100644
--- a/pkgs/os-specific/linux/cfs-zen-tweaks/default.nix
+++ b/pkgs/os-specific/linux/cfs-zen-tweaks/default.nix
@@ -8,22 +8,22 @@
 
 stdenv.mkDerivation rec {
   pname = "cfs-zen-tweaks";
-  version = "1.2.0";
+  version = "1.3.0";
 
   src = fetchFromGitHub {
     owner = "igo95862";
     repo = "cfs-zen-tweaks";
     rev = version;
-    sha256 = "HRR2tdjNmWyrpbcMlihSdb/7g/tHma3YyXogQpRCVyo=";
+    hash = "sha256-E3sNWWXm0NEqLCzFccd/nfYby+/b/MVjIHeGlDxV1W4=";
   };
 
   preConfigure = ''
-    substituteInPlace set-cfs-zen-tweaks.bash \
+    substituteInPlace set-cfs-zen-tweaks.sh \
       --replace '$(gawk' '$(${gawk}/bin/gawk'
   '';
 
   preFixup = ''
-    chmod +x $out/lib/cfs-zen-tweaks/set-cfs-zen-tweaks.bash
+    chmod +x $out/lib/cfs-zen-tweaks/set-cfs-zen-tweaks.sh
   '';
 
   nativeBuildInputs = [ cmake ];
diff --git a/pkgs/servers/audiobookshelf/default.nix b/pkgs/servers/audiobookshelf/default.nix
index 626f5639adc6..5ed446b8bbad 100644
--- a/pkgs/servers/audiobookshelf/default.nix
+++ b/pkgs/servers/audiobookshelf/default.nix
@@ -17,13 +17,13 @@ let
   nodejs = nodejs_18;
 
   pname = "audiobookshelf";
-  version = "2.5.0";
+  version = "2.6.0";
 
   src = fetchFromGitHub {
     owner = "advplyr";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-yPDByM09rc9zRLh0ONcY5bScY4NOrKDv0Pdwo97Czcs=";
+    sha256 = "sha256-lifvfh9dF3Hbgm5NHrzS9zQdv+INSByNkqMWTxTpUMo=";
   };
 
   client = buildNpmPackage {
@@ -37,7 +37,7 @@ let
     NODE_OPTIONS = "--openssl-legacy-provider";
 
     npmBuildScript = "generate";
-    npmDepsHash = "sha256-ZNkHDNjaQbUt3oWnNIYPYkcvjelieY4RJxNSbzR1+JM=";
+    npmDepsHash = "sha256-FxP1Kysx3ngk3napZ5uvKSabeOypBtA0kjhyAKpcdo8=";
   };
 
   wrapper = import ./wrapper.nix {
@@ -52,7 +52,7 @@ in buildNpmPackage {
 
   dontNpmBuild = true;
   npmInstallFlags = [ "--only-production" ];
-  npmDepsHash = "sha256-PVgK8R8sf16KKQS/mPXtvit9CW9+4Gc9Onpaw+SSgNI=";
+  npmDepsHash = "sha256-NcurZee1Z8Rvm2UcjvckbdirfgiIkXMx9GKbr4x/HqE=";
 
   installPhase = ''
     mkdir -p $out/opt/client
diff --git a/pkgs/servers/geospatial/mapcache/default.nix b/pkgs/servers/geospatial/mapcache/default.nix
index e4326e920ced..df679d930fa0 100644
--- a/pkgs/servers/geospatial/mapcache/default.nix
+++ b/pkgs/servers/geospatial/mapcache/default.nix
@@ -55,7 +55,7 @@ stdenv.mkDerivation rec {
     homepage = "https://mapserver.org/mapcache/";
     changelog = "https://www.mapserver.org/development/changelog/mapcache/";
     license = licenses.mit;
-    maintainers = with maintainers; [ sikmir ];
+    maintainers = teams.geospatial.members;
     platforms = platforms.unix;
   };
 }
diff --git a/pkgs/servers/geospatial/mapserver/default.nix b/pkgs/servers/geospatial/mapserver/default.nix
index d131d331c763..c46aa3d48d0d 100644
--- a/pkgs/servers/geospatial/mapserver/default.nix
+++ b/pkgs/servers/geospatial/mapserver/default.nix
@@ -57,7 +57,7 @@ stdenv.mkDerivation rec {
     homepage = "https://mapserver.org/";
     changelog = "https://mapserver.org/development/changelog/";
     license = licenses.mit;
-    maintainers = with maintainers; [ sikmir ];
+    maintainers = teams.geospatial.members;
     platforms = platforms.unix;
   };
 }
diff --git a/pkgs/servers/geospatial/mbtileserver/default.nix b/pkgs/servers/geospatial/mbtileserver/default.nix
index 7907ba186079..6b2831f87f1a 100644
--- a/pkgs/servers/geospatial/mbtileserver/default.nix
+++ b/pkgs/servers/geospatial/mbtileserver/default.nix
@@ -18,6 +18,6 @@ buildGoModule rec {
     homepage = "https://github.com/consbio/mbtileserver";
     changelog = "https://github.com/consbio/mbtileserver/blob/v${version}/CHANGELOG.md";
     license = licenses.isc;
-    maintainers = with maintainers; [ sikmir ];
+    maintainers = teams.geospatial.members;
   };
 }
diff --git a/pkgs/servers/geospatial/pg_featureserv/default.nix b/pkgs/servers/geospatial/pg_featureserv/default.nix
index da1cdf10939d..6c9d3a6c10c9 100644
--- a/pkgs/servers/geospatial/pg_featureserv/default.nix
+++ b/pkgs/servers/geospatial/pg_featureserv/default.nix
@@ -19,6 +19,6 @@ buildGoModule rec {
     description = "Lightweight RESTful Geospatial Feature Server for PostGIS in Go";
     homepage = "https://github.com/CrunchyData/pg_featureserv";
     license = licenses.asl20;
-    maintainers = with maintainers; [ sikmir ];
+    maintainers = teams.geospatial.members;
   };
 }
diff --git a/pkgs/servers/geospatial/pg_tileserv/default.nix b/pkgs/servers/geospatial/pg_tileserv/default.nix
index 93afa6746a5c..80b8c23bee1a 100644
--- a/pkgs/servers/geospatial/pg_tileserv/default.nix
+++ b/pkgs/servers/geospatial/pg_tileserv/default.nix
@@ -31,6 +31,6 @@ buildGoModule rec {
     description = "A very thin PostGIS-only tile server in Go";
     homepage = "https://github.com/CrunchyData/pg_tileserv";
     license = licenses.asl20;
-    maintainers = with maintainers; [ sikmir ];
+    maintainers = teams.geospatial.members;
   };
 }
diff --git a/pkgs/servers/geospatial/tile38/default.nix b/pkgs/servers/geospatial/tile38/default.nix
index 250a85b51ff5..e918abf03261 100644
--- a/pkgs/servers/geospatial/tile38/default.nix
+++ b/pkgs/servers/geospatial/tile38/default.nix
@@ -25,6 +25,6 @@ buildGoModule rec {
     '';
     homepage = "https://tile38.com/";
     license = licenses.mit;
-    maintainers = with maintainers; [ sikmir ];
+    maintainers = teams.geospatial.members;
   };
 }
diff --git a/pkgs/servers/sql/postgresql/ext/pgrouting.nix b/pkgs/servers/sql/postgresql/ext/pgrouting.nix
index c4166a404b08..90851a482544 100644
--- a/pkgs/servers/sql/postgresql/ext/pgrouting.nix
+++ b/pkgs/servers/sql/postgresql/ext/pgrouting.nix
@@ -32,7 +32,7 @@ stdenv.mkDerivation rec {
     description = "A PostgreSQL/PostGIS extension that provides geospatial routing functionality";
     homepage    = "https://pgrouting.org/";
     changelog   = "https://github.com/pgRouting/pgrouting/releases/tag/v${version}";
-    maintainers = [ maintainers.steve-chavez ];
+    maintainers = with maintainers; teams.geospatial.members ++ [ steve-chavez ];
     platforms   = postgresql.meta.platforms;
     license     = licenses.gpl2Plus;
   };
diff --git a/pkgs/tools/admin/fbvnc/default.nix b/pkgs/tools/admin/fbvnc/default.nix
index 2bd46f27ab0f..0157f391d66b 100644
--- a/pkgs/tools/admin/fbvnc/default.nix
+++ b/pkgs/tools/admin/fbvnc/default.nix
@@ -1,30 +1,38 @@
-{lib, stdenv, fetchFromGitHub}:
+{ lib
+, stdenv
+, fetchFromGitHub
+}:
+
 stdenv.mkDerivation rec {
-  name = "${pname}-${version}";
   pname = "fbvnc";
   version = "1.0.2";
 
   src = fetchFromGitHub {
     owner = "zohead";
     repo = pname;
-    sha256 = "0lkr4j1wsa05av2g9w99rr9w4j4k7a21vp36x0a3h50y8bmgwgm1";
     rev = "783204ff6c92afec33d6d36f7e74f1fcf2b1b601";
+    hash = "sha256-oT7+6kIeFDgU6GbcHYQ6k0jCU84p8fTEVgUozYMkeVI=";
   };
 
-  buildInputs = [];
+  makeFlags = [
+    "CC:=$(CC)"
+  ];
 
   installPhase = ''
-    mkdir -p "$out/bin"
-    cp fbvnc "$out/bin"
-    mkdir -p "$out/share/doc/${pname}"
-    cp README* "$out/share/doc/${pname}"
+    runHook preInstall
+
+    install -Dm555 fbvnc     -t "$out/bin"
+    install -Dm444 README.md -t "$out/share/doc/fbvnc"
+
+    runHook postInstall
   '';
 
   meta = {
     description = "Framebuffer VNC client";
     license = lib.licenses.bsd3;
-    maintainers = [lib.maintainers.raskin];
+    maintainers = [ lib.maintainers.raskin ];
     platforms = lib.platforms.linux;
     homepage = "https://github.com/zohead/fbvnc/";
+    mainProgram = "fbvnc";
   };
 }
diff --git a/pkgs/tools/misc/nix-direnv/default.nix b/pkgs/tools/misc/nix-direnv/default.nix
index 93c7456bcb1c..d4e461bb77e1 100644
--- a/pkgs/tools/misc/nix-direnv/default.nix
+++ b/pkgs/tools/misc/nix-direnv/default.nix
@@ -1,25 +1,23 @@
 { lib
 , stdenv
 , fetchFromGitHub
-, gnugrep
 , nix
 }:
 stdenv.mkDerivation (finalAttrs:{
   pname = "nix-direnv";
-  version = "2.4.0";
+  version = "2.5.1";
 
   src = fetchFromGitHub {
     owner = "nix-community";
     repo = "nix-direnv";
     rev = finalAttrs.version;
-    hash = "sha256-h49uz+/YDRwbusiVx6I3HP9P3UZROIOlwjlYYqRjesE=";
+    hash = "sha256-rMQ+Nb6WqXm66g2TpF8E0Io9WBR0ve06MW8I759gl2M=";
   };
 
   # Substitute instead of wrapping because the resulting file is
   # getting sourced, not executed:
   postPatch = ''
     sed -i "1a NIX_BIN_PREFIX=${nix}/bin/" direnvrc
-    substituteInPlace direnvrc --replace "grep" "${lib.getExe gnugrep}"
   '';
 
   installPhase = ''
diff --git a/pkgs/tools/networking/ipinfo/default.nix b/pkgs/tools/networking/ipinfo/default.nix
index 663c898935da..16b68e4801c6 100644
--- a/pkgs/tools/networking/ipinfo/default.nix
+++ b/pkgs/tools/networking/ipinfo/default.nix
@@ -5,13 +5,13 @@
 
 buildGoModule rec {
   pname = "ipinfo";
-  version = "3.1.2";
+  version = "3.2.0";
 
   src = fetchFromGitHub {
     owner = pname;
     repo = "cli";
     rev = "refs/tags/${pname}-${version}";
-    hash = "sha256-KCdKfZs1u3ZLaG+Lmod/vV0T0LaW8hs4ReGlVA7A9pA=";
+    hash = "sha256-bqA8Y3mVHSwhUcvr3biWbH6K73MYmo3f7wSMS4J+Bk8=";
   };
 
   vendorHash = null;
diff --git a/pkgs/tools/package-management/dnf5/default.nix b/pkgs/tools/package-management/dnf5/default.nix
index 0476da3d5fbd..f9a44a8a70b5 100644
--- a/pkgs/tools/package-management/dnf5/default.nix
+++ b/pkgs/tools/package-management/dnf5/default.nix
@@ -38,7 +38,7 @@ stdenv.mkDerivation (finalAttrs: {
     owner = "rpm-software-management";
     repo = "dnf5";
     rev = finalAttrs.version;
-    hash = "sha256-4ht2KraWKL774QPfZz1OgAuFtPVsMis9WiDS+QFP8JY=";
+    hash = "sha256-1g3g+6EborZd2ppPMZcy0Wjv07zetATHb/sCkuZz5UM=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/tools/security/exploitdb/default.nix b/pkgs/tools/security/exploitdb/default.nix
index 105a01960d0b..90ae553a014b 100644
--- a/pkgs/tools/security/exploitdb/default.nix
+++ b/pkgs/tools/security/exploitdb/default.nix
@@ -6,13 +6,13 @@
 
 stdenv.mkDerivation rec {
   pname = "exploitdb";
-  version = "2023-11-25";
+  version = "2023-11-28";
 
   src = fetchFromGitLab {
     owner = "exploit-database";
     repo = pname;
     rev = "refs/tags/${version}";
-    hash = "sha256-pgHi2DoQ9xjj/hlQIhXijTWqYPYClL6rWtEl2WsCVDE=";
+    hash = "sha256-3F2x+1d2h0fMy8p0qCOHh7UZyGYc65WkJcHxug0Hg6g=";
   };
 
   nativeBuildInputs = [